Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-44754 Out-of-bounds Write vulnerability in Hcltech Domino 9.0/9.0.1
HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.
local
low complexity
hcltech CWE-787
7.8
2022-12-19 CVE-2022-44755 Out-of-bounds Write vulnerability in Hcltech Notes 10.0.1/9.0.1
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView.
local
low complexity
hcltech CWE-787
7.8
2022-12-12 CVE-2022-42446 Incorrect Default Permissions vulnerability in Hcltech Sametime 12.0
Starting with Sametime 12, anonymous users are enabled by default.
network
low complexity
hcltech CWE-276
6.5
2022-11-04 CVE-2022-38654 Unspecified vulnerability in Hcltech Domino
HCL Domino is susceptible to an information disclosure vulnerability.
local
low complexity
hcltech
5.5
2022-11-04 CVE-2022-38660 Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Domino 9.0/9.0.1
HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability.
network
low complexity
hcltech CWE-352
8.8
2022-11-01 CVE-2020-4099 Inadequate Encryption Strength vulnerability in Hcltech Verse 12.0.9
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures.
network
low complexity
hcltech CWE-326
7.5
2022-10-31 CVE-2021-27784 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech HCL Launch Container Image 7.1.0.1
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key.
network
low complexity
hcltech CWE-327
7.5
2022-09-22 CVE-2021-27774 Improper Input Validation vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5
User input included in error response, which could be used in a phishing attack.
network
low complexity
hcltech CWE-20
5.4
2022-09-15 CVE-2022-27561 Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0/12.0.1.1
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
network
low complexity
hcltech CWE-79
4.8
2022-08-30 CVE-2022-27560 Insufficiently Protected Credentials vulnerability in Hcltech Versionvault Express 2.0.1/2.1.0
HCL VersionVault Express exposes administrator credentials.
network
low complexity
hcltech CWE-522
6.5